Data Breach Regulation: What’s Next For Banks and Credit Unions?

Posted by Anna Kragie on Mar 8, 2019 2:24:22 PM

When your organization is part of a data breach as big as the ones at Equifax and Marriott, expect to stay in the headlines. Those two corporations continue to be under a congressional review microscope following the incidents that left millions of consumers’ data exposed.

The Senate Permanent Subcommittee on Investigations has been probing these breaches and its members have been vocal about the lack of oversight in protecting people’s personal and financial credentials. Members across party lines called on the organizations to do better to proactively protect their customers’ data. These discussions have also spurred conversations across the financial services industry.

"When hackers are able to obtain someone's personal information, the consequences are real," said Democrat Sen. Tom Carper. "The constant stream of data-breach notifications we see year in, and year out, is a sign we could be doing better."

“I think it’s long past time for us to come to an agreement on a federal data security law that lays out for private industry what we expect from them, both in data protection and in data breach notification,” Carper noted.

This begs the question: "What's next for financial institution data breach regulation?"

The Equifax and Marriott breaches garnered widespread attention not just because of their size, but because of the type of data that was hacked. Breaches often involve emails and personal credentials, but when Social Security numbers are leaked, it takes the breach to the next level. Credit card numbers create an even bigger threat. Collectively, the widespread access to this type of data brings up fears over the rise of synthetic identities that are used to perpetrate even more fraud.

“Companies and government agencies alike must take steps to better protect the data consumers trusted in them,” Republican Sen. Rob Portman said at the hearing. “When that data’s compromised, we need to know as soon as possible so that we can do everything we can to ensure criminals are no longer taking advantage of us as consumers.”

Where Financial Institutions Come Into the Conversation

This discussion about doing more to protect consumers from data breaches, however, isn’t staying limited to the business sector. How data breach legislation will impact the way banks and credit unions approach consumer privacy and protect personal credentials is an ongoing topic in Washington.

Besides consumer protection and privacy, the discussions around data security reform have brought the financial services industry into the fold, specifically over how more collaboration is needed across the fraud detection sector to implement solutions that act faster through the use of more sophisticated technology (like machine learning). The conversations in Washington have shifted to how financial institutions should be using data to better combat fraud.

Fears over consumer privacy protection have also sparked conversations about what banks and credit unions are doing to keep their own customers’ data protected. Knowing how to fully protect customers is about being able to proactively detect card fraud incidents quickly so that customers can be alerted before incidents spread. Minimizing customer impact is one goal that can be achieved with faster, better breach detection tools.

Closing the gap between fraudsters and FIs is one goal leaders across the financial services industry are constantly working toward.

“Without the ability to use data to identify and fight fraud, criminals will exploit the blind spot to commit crime,” Scott Talbott, senior VP of government affairs at the Electronic Transactions Association, told American Banker. “This will undermine the system and unnecessarily make efforts to fight fraud more difficult.”

Inevitably, breaches like those experienced by Equifax and Marriott are all too common in today’s world, where fraudsters are moving faster than companies can keep up with on their own. Card fraud today is one result, as data breach incidents continue to skyrocket. Banks and credit unions are absorbing massive fraud and reissuance costs, and the customer impact is becoming increasingly evident. From a revenue standpoint, this is going to continue sparking conversations on a national level about what more needs to be done to get ahead of this problem.

Striking a balance for financial institutions is a key point in these conversations. Determining how to protect consumers without an undue burden on corporations and organizations is a hot topic across the financial sector.

“We’re looking to prevent any additional burdens being put on the banking sector, which already abides by very strict guidelines of protecting people’s privacy,” Paul Merski, group executive vice president for congressional relations and strategy at the Independent Community Bankers of America, told American Banker.

Since these massive breaches expose consumers to a greater chance of ID theft and banking fraud, this will continue to be part of the debates on Capitol Hill. Recently, lawmakers have discussed how data security legislation can push companies to better protect consumer data and act more quickly when data breach incidents occur.

The short answer to those questions? Better data analytics.